|
|
|
|
|
|
by wyldfire
3041 days ago
|
|
|
> I have yet to see a convincing argument that proof-of-stake can be made trustless. It turns out that "trustless" is more subtle and not quite as discrete as we might've thought. While PoW coins like Bitcoin are probably ranked higher on this scale than others, it might not matter. > That's not to say that trustless consensus is necessary for a currency. Agreed. IMO these newer coins that are lower on the trustless scale would not have been possible without the high bar that Bitcoin set. But now, they are. |
|
|
That's exactly it -- even in the centralized variants, the "trusted" authority doesn't have a lot of power. The main power they have is censoring transactions, both in the present (not accepting a new transaction) and in the past (rewriting the chain to omit a transaction and all of its dependents).
The ability to rewrite history is a dangerous one, but is mitigated by the fact that they can't do so undetected by the network. This is a social/economic effect rather than a cryptographic one, which has its own dangers, but means that the trusted authority risks losing (or forking) its status to a competing trusted authority for the same coin if the consensus of the network is that they cannot be trusted.
The forward security guarantees are just that the transactions are signed, and those signatures cannot be forged, even by the trusted authority, so there is no way for another actor (including the trusted authority) without access to your private keys to spend your coins.